Kotlin: Add Array.get(_) support to taint tracking

Author: igfoo

java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll

@@ -4,6 +4,10 @@ import semmle.code.java.Maps
 private import semmle.code.java.dataflow.SSA
 private import DataFlowUtil
 
+private class ArrayType extends RefType {
+  ArrayType() { this.getSourceDeclaration().getASourceSupertype*() instanceof Array }
+}
+
 private class EntryType extends RefType {
   EntryType() {
     this.getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "Map$Entry")
@@ -470,6 +474,14 @@ predicate arrayReadStep(Node node1, Node node2, Type elemType) {
     node2.asExpr() = aa
   )
   or
+  exists(Expr arr, Call call |
+    arr = node1.asExpr() and
+    call = node2.asExpr() and
+    arr.getType() instanceof ArrayType and
+    call.getCallee().getName() = "get" and
+    call.getQualifier() = arr
+  )
+  or
   exists(Array arr |
     enhancedForStmtStep(node1, node2, arr) and
     arr.getComponentType() = elemType